PT-2026-42755 · Apache · Apache Cxf

Colm O Heigeartaigh

·

Published

2026-05-22

·

Updated

2026-06-30

·

CVE-2026-44930

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.1 Apache CXF versions prior to 4.1.6 Apache CXF versions prior to 3.6.11
Description An LDAP injection issue exists in the LDAP Certificate repository of the XKMS server. This allows an attacker to retrieve arbitrary certificates from the repository. LDAP injection is a technique where malicious LDAP statements are used to manipulate queries sent to a directory server.
Recommendations Upgrade to version 4.2.1. Upgrade to version 4.1.6. Upgrade to version 3.6.11.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07399
CVE-2026-44930
GHSA-PG32-686Q-QH6X

Affected Products

Apache Cxf